CVE-2024-4139

MEDIUM

Manage Bank Statement ReProcessing Rules - Privilege Escalation

Title source: llm

Description

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.

References (2)

Core 2

Core References

Various Sources

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Vendor Advisory

https://me.sap.com/notes/3434666

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (5)

SAP_SE/SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) S4CORE 105

SAP_SE/SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) S4CORE 106

SAP_SE/SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) S4CORE 107

SAP_SE/SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) S4CORE 108

SAP_SE/SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) SAPSCORE 131

Published May 14, 2024

Tracked Since Feb 18, 2026